Last update of the privacy policy: 25/10/2024
Introduction
This privacy policy aims to inform users about the type, scope, and purpose of the personal data we collect, use, and process. Additionally, it explains the rights of individuals whose data is affected.
In general, you can use our website without providing personal data. However, if you wish to access specific services offered by our company through the website, processing of personal data may be required. If this processing is necessary and there is no legal basis, we will typically request your consent.
We will only process personal data in the context of our services or business activities when there is a valid legal basis for doing so.
Personal data, such as names, addresses, email addresses, or phone numbers, are processed in line with the General Data Protection Regulation (GDPR) and any applicable country-specific data protection laws.
In this privacy policy, technical terms are explained in clear language, and links to further information are provided where relevant.
If you have additional questions, please consider using the links provided or reach out to us directly via the contact details listed below, which are also available in the legal notice.
Scope of application
This privacy policy applies to all personal data processed by our company and to all personal data processed by third-party companies acting on our behalf (processors). Personal data is all information within the meaning of Art. 4 No. 1 of the General Data Protection Regulation (GDPR), such as names, e-mail addresses and postal addresses. The processing of personal data enables us to provide and invoice our services and products, both online and offline.
This Privacy Policy applies to all our online platforms (websites, online stores), social media accounts and email communications, as well as mobile apps for smartphones and other devices.
Explanation of terms used
We strive to make our privacy policy as clear and understandable as possible. However, this can be challenging, especially when dealing with technical or legal topics. In some cases, it is necessary to use legal terms (e.g., personal data) or technical terms (e.g., cookies, IP address). We aim to explain these terms where possible. Below, you will find an alphabetical list of key terms that may not have been fully clarified in the main privacy policy. For terms defined by the GDPR, we will include the relevant GDPR text and provide additional explanations where needed.
Processor
Definition according to Article 4 of the General Data Protection Regulation
“Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”
This means that the processor processes personal data on behalf of and under the instruction of the controller without deciding on the means and purposes of the data processing. They therefore act exclusively in accordance with the controller’s instructions and carry out the data processing, for example as part of services such as hosting, IT support or cloud services.
As the owner of this website and as a company, we are responsible for the data that we collect and process from you. However, other entities, known as processors, may also process personal data on our behalf. These include service providers such as hosting or cloud services, payment platforms, newsletter providers or tax consultants.
Third party
Definition according to Article 4 of the General Data Protection Regulation
According to the General Data Protection Regulation (GDPR), the term “third party” refers to any natural or legal person, public authority, agency, or other body apart from the data subject, the controller (i.e. the person or organization processing the data) or the processor (who processes data on behalf of the controller). A third party is therefore a party outside the direct relationship between the data subject and the controller or processor.
Restriction of processing
Definition according to Article 4 of the General Data Protection Regulation
“Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.”
This means that the processing of this data is restricted to certain purposes and may no longer be used in full. This restriction of processing often comes into effect if, for example, the accuracy of the data is disputed by the data subject or the data is not to be deleted but its use must be restricted (e.g. during an audit).
You have the right to request that the processing of your personal data be restricted. This means that certain data, such as your name, date of birth or address, can be marked in such a way that further use is restricted. For example, you can request that your data no longer be used for personalized advertising. no longer be used for personalized advertising.
Consent
Definition according to Article 4 of the General Data Protection Regulation
The term “consent” is defined in Article 4(11) of the GDPR. It states:
“Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Important characteristics of consent under the GDPR are therefore
- Voluntaries: the data subject must give their consent without coercion or pressure.
- For the specific case: consent must relate to a clearly defined purpose
- Informed: The person must be sufficiently informed about the type of data processing.
- Unambiguous: Consent must be unambiguous and given by an action or declaration (e.g. by ticking a box or by verbal consent).
On websites, consent is usually obtained via a cookie consent tool. When you visit a website for the first time, a banner usually appears asking for your consent to data processing. You can often adjust these settings and decide which types of data processing you allow or reject. Your personal data cannot be processed without your consent. Consent is often obtained via digital tools, but can also be given in writing.
Recipient
Definition according to Article 4 of the General Data Protection Regulation
The term “recipient” is defined in Article 4(9) of the GDPR. It states:
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
This means that the recipient can be any body to which personal data is transmitted. This includes not only “third parties” (persons outside the company), but also internal units or institutions. However, authorities that receive data as part of a statutory investigation mandate are excluded from this definition. These are not considered recipients within the meaning of the GDPR.
Any person or organization that receives and thus processes personal data is considered a recipient. This includes both us and our service providers (processors). However, public authorities with investigative powers are not considered recipients in this context.
Personal data
Definition according to Article 4 of the General Data Protection Regulation
The term “personal data” is defined in Article 4(1) of the GDPR. It states:
“Personal data” means any information relating to an identified or identifiable natural person (the so-called ‘data subject’). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
This means that personal data includes all information that relates to a specific person or makes them identifiable. This includes obvious information such as a name or address, but also indirect information such as IP addresses or genetic data which, in combination with other data, enable identification.
Common examples are
- Name
- postal address
- E-mail address
- postal address
- Telephone number
- Date of birth
- Identification numbers (e.g. social security, tax ID, passport or student ID)
- Financial data (e.g. bank account numbers, credit information, account balances, etc.)
- IP address, location data
In addition, certain “special categories” of personal data are considered particularly sensitive and require special protection, including
- Race or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Membership of a trade union
- Genetic data (e.g. from blood or saliva samples)
- Biometric data (e.g. to identify mental, physical or behavioral characteristics)
- Information on health
- Data on sexual orientation or sex life
Pseudonymization
Definition according to Article 4 of the General Data Protection Regulation
The term “pseudonymization” is defined in Article 4(5) of the GDPR. According to the GDPR, pseudonymization means:
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
This means that during pseudonymization, personal data is changed in such a way that it can no longer be assigned to a specific person without further information. The additional information that would be required to reassign the data to a person must be stored separately and securely. This serves to protect privacy, as although the data itself can be processed further, it is no longer possible to directly identify the person concerned.
It is important to distinguish between pseudonymization and anonymization. With anonymization, all personal identifiers are completely removed, making it almost impossible to trace or re-identify the person even with considerable technical means.
Processing
Definition according to Article 4 of the General Data Protection Regulation
The term “processing” is defined in Article 4(2) of the GDPR. According to the GDPR, processing means:
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This means that the term “processing” is very broad and covers practically every action or process in connection with personal data. This includes not only the obvious activities such as storing or changing data, but also processes such as collecting, organizing, transmitting or deleting this data.
In our privacy policy, we refer to any activity that involves the handling of personal data. As set out in the General Data Protection Regulation, this includes everything from the collection and storage of data to its use or deletion.
Legal basis of the GDPR
This privacy policy explains the legal basis of the GDPR, which allows us to process personal data. For EU law, please refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. You can read the EU General Data Protection Regulation online at EUR-Lex, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679
The processing of your personal data is based on the legal provisions of the General Data Protection Regulation (GDPR) and the General Data Protection Regulation (GDPR). As part of our data processing, we rely in particular on the following legal bases
- Consent (Art. 6 para. 1 lit. a DSGVO/GDPR): Your personal data will be processed if you have expressly given us your consent to do so. You can revoke this consent at any time with effect for the future.
- Contract fulfillment (Art. 6 para. 1 lit. b DSGVO/GDPR)**: We process your data in order to fulfill a contract with you or to take pre-contractual measures at your request, such as processing orders, providing services or responding to your inquiries.
- Fulfillment of legal obligations (Art. 6 para. 1 lit. c DSGVO/GDPR)**: It may be necessary to process your data in order to comply with legal obligations, such as the storage of tax data or the fulfillment of requests by authorities.
- Legitimate interests (Art. 6 para. 1 lit. f DSGVO/GDPR)**: If we have a legitimate interest in processing your data that does not outweigh your fundamental rights, we base the processing on this basis. This may be, for example, to optimize our website, for marketing measures or to ensure IT security.
As a rule, we have no other reasons for processing data. If we do, we will inform you of this.
Contact details
The entity responsible, as defined by the General Data Protection Regulation (GDPR), as well as other applicable data protection laws in the Member States of the European Union and other relevant data protection provisions, is
Niels Stummeyer
Herzog-Ferdinand-Str. 36
32425 Minden, Germany
E-Mail: moc.noitcudorpenotrekoj @liambew
Imprint: https://jokertonecourse.com/imprint
Storage period
As a general rule, we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the purpose for processing it no longer applies. In some cases, however, we are required by law to retain certain data beyond its original purpose, e.g. for accounting purposes.
If you request the deletion of your data or revoke your consent to processing, we will delete the data as quickly as possible, provided that there are no statutory retention obligations.
Where available, we will inform you of the specific retention periods for the individual types of data processing.
Communication
Overview of communication
When you contact us by telephone, e-mail or via an online form, personal data may be processed.
This data is processed in order to process and manage your request and all related business transactions. The data will be stored for the duration required by law.
Data subjects
Any person who contacts us via the communication channels we provide is subject to the processing described above.
When communicating by email, data may be stored on the respective device (e.g. computer, laptop, smartphone) and email server. The data is deleted as soon as the business transaction is completed and the legal provisions permit this.
Online forms
If you contact us via an online form, the data will be stored on the web server and forwarded to our e-mail if necessary. The data will be deleted once the inquiry or business transaction has been completed and the legal provisions permit this.
Telephone
When you call us, the call data is stored pseudonymized on the respective device and with the telecommunications provider. In addition, data such as your name and telephone number may be forwarded by e-mail and stored in order to process your request. The data will be deleted as soon as the matter has been dealt with and the legal provisions permit this.
Explanation of the legal basis
Data processing is based on the following legal bases:
Legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR: Our aim is to professionally manage customer inquiries and business communications. This requires certain technical systems, such as email platforms, exchange servers and mobile operators, to ensure efficient communication.
Consent pursuant to Art. 6 para. 1 lit. a GDPR: You give your consent to the storage and use of your data for business-related purposes.
Contract pursuant to Art. 6 para. 1 lit. b GDPR: Processing is necessary for the performance of a contract with you or a processor (e.g. telecommunications provider) or for pre-contractual measures, such as the preparation of an offer.
Data processing agreement (DPA)
We don’t operate entirely on our own and often rely on the services of other companies or individuals. In the course of working with these partners and service providers, it may be necessary to share personal data for processing. These partners act as processors, and we enter into what is known as a Data Processing Agreement (DPA) with them.
The processing of your personal data is carried out strictly according to our instructions and governed by the DPA, in line with GDPR requirements. This agreement must be in written form, and in this context, an electronic agreement is also considered “in writing.” Personal data will only be processed based on the terms of the contract.
Rights Under the GDPR
In accordance with Articles 13 and 14 of the GDPR, we want to inform you of the rights you have to ensure fair and transparent data processing.
Right to Information (Article 15 GDPR)
You have the right to know whether we process data about you. If we do, you can request a copy of your data along with the following information:
- The purpose of the data processing
- The categories (types) of data being processed
- Who receives this data, and if it is transferred to third countries, how security is ensured
- The duration for which the data will be stored
- The existence of rights to rectification, erasure, or restriction of processing
- The right to object to processing
- The right to lodge a complaint with a supervisory authority
- The source of the data if we did not obtain it from you
- Whether profiling is conducted, meaning whether your data is automatically analyzed to create a personal profile.
Right to Rectification (Article 16 GDPR)
You have the right to request corrections to your data if you find any inaccuracies.
Right to Erasure (Article 17 GDPR)
You have the right to request the deletion of your data, also known as the “right to be forgotten.”
Right to Restriction of Processing (Article 18 GDPR)
You have the right to restrict the processing of your data, meaning we may retain it but not use it further.
Right to Data Portability (Article 20 GDPR)
You have the right to data portability, which means you can request your data in a commonly used format.
Right to Object (Article 21 GDPR)
You have the right to object to data processing, which can lead to a change in how we handle your data.
If your data is processed under Article 6(1)(e) (public interest or exercise of official authority) or Article 6(1)(f) (legitimate interests), you can object to the processing, and we will assess your objection promptly.
If your data is used for direct marketing, you can object to this processing at any time, and we will cease using your data for that purpose.
Similarly, if your data is used for profiling, you can object at any time, and we will stop using your data for profiling purposes.
Right Not to Be Subject to Automated Decisions (Article 22 GDPR)
You may have the right not to be subject to decisions based solely on automated processing, such as profiling.
Right to Lodge a Complaint (Article 77 GDPR)
You have the right to lodge a complaint with a data protection authority if you believe that our processing of your personal data violates the GDPR.
Web hosting
The legality of the processing of personal data in the context of web hosting is based on Article 6(1)(f) of the General Data Protection Regulation (protection of legitimate interests). The use of professional hosting services is essential in order to present our company in a secure and user-friendly manner on the Internet and to be able to respond to possible attacks and complaints if necessary.
In order to ensure compliance with data protection regulations and guarantee data security, we have concluded a data processing agreement (DPA) with our hosting provider, as provided for in Articles 28 and 29 of the GDPR.
Our hosting provider is the company
Hetzner Cloud GmbH
Feringastraße 12A
85774 Unterföhring
Germany
The provider of our website automatically saves information in server log files, which your browser automatically transmits to us. This information includes
- Browser type and version
- Operating system used
- referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
Information on data protection at Hetzner Cloud GmbH can be found at
https://www.hetzner.com/de/legal/privacy-policy/
Content Delivery Network (CDN)
Caching with the Quic.Cloud content delivery network
This website uses caching to enable a faster response time and a better user experience.
For this, we use the caching provider
QUIC Cloud Inc,
150 Allen Rd, Suite 204,
Basking Ridge, NJ 07920, USA.
Caching may store duplicate copies of each web page displayed on this site. All cache files are temporary and are only accessed by third parties when necessary for technical support from the cache plugin provider. The expiration of cache files is managed according to a schedule set by the website administrator, although the administrator can delete them earlier if needed. We may also use QUIC.Cloud services to temporarily process and cache your data.
Further information can be found in quic.cloud’s privacy policy at: https://quic.cloud/privacy-policy/
As well as the QUIC.cloud Data Processing Agreement at: https://www.quic.cloud/dataprocessing/
and the QUIC.cloud GDPR Subprocessors: https://www.quic.cloud/gdpr-subprocessors/
Data Processing Security
As the data controller, we have implemented numerous technical and organizational measures to safeguard the personal data processed through this website. However, it is important to note that while we strive for maximum protection, internet-based data transmissions can never be entirely secure due to potential security vulnerabilities. Therefore, data subjects have the option to send their personal information to us through alternative methods, such as via telephone.
Article 25 of the General Data Protection Regulation emphasizes the importance of considering security and taking appropriate measures through the design of technology and privacy-friendly default settings for both software (such as forms) and hardware (such as server room access).
We make efforts to encrypt or pseudonymize personal data whenever possible, and we take steps to prevent third parties from accessing personal information derived from our data.
TLS Encryption with HTTPS
We utilize HTTPS (Hypertext Transfer Protocol Secure) to ensure secure data transmission over the internet. This means that all data transferred from your browser to our web server is protected from interception, ensuring that no one can “listen in” on the communication.
By implementing this additional layer of protection, we enhance data security in accordance with Article 25(1) of the GDPR. We can assure the protection of confidential information through the use of TLS (Transport Layer Security), an encryption protocol designed for secure internet communication.
You can verify that we use this security measure for data transmission by looking for the small lock symbol in the top left corner of your browser, next to the web address (e.g., examplepage.com), and by observing the use of “https” in our URL instead of “http.”
Protection Against Unauthorized Access
To safeguard our services, website access, and stored data, we employ various tools and collaborate with contracted providers who, to the best of our knowledge, meet the necessary technical and security requirements. These tools and providers are detailed in this privacy policy under section (“Security & Anti-Spam”).
Cookies
Many websites and servers use cookies, each of which has a unique cookie ID. It consists of a string of characters through which websites and servers can be assigned to the specific website in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other internet browsers that contain other cookies.
Cookies enable services on this website that would not be possible without them. They enable us to customize the information and offers on our website for each user. Cookies help us, for example, to recognize returning users in order to provide them with a smoother visit. Users do not have to re-enter their login details each time they visit, as the website remembers this information through the cookies stored on their device.
Our website uses cookies to improve the use and functionality of our services and to provide you with an optimized user experience. Cookies are small text files that are stored on your device as soon as you visit our website. They contain information that makes it possible to recognize your browser on future visits or to save certain user settings.
We use cookies, local storage and session storage on some of our websites to improve user-friendliness, efficiency and security. Local storage and session storage allow your browser to store information on your computer or mobile device.
Users have the option to prevent the use of cookies on our website at any time by adjusting the settings of their internet browser and thus permanently opting out of their use. They can also delete cookies that have already been saved via their browser or other software applications, which is possible with all common web browsers. However, deactivating cookies can lead to functional restrictions on our website.
Types of cookies
Which cookies we use in detail depends on the services offered and is explained in more detail in the following sections of this privacy policy.
We use different types of cookies for different purposes:
- Necessary cookies: These cookies are necessary for the website to function properly. Without these cookies, basic functions, such as navigation on the website or access to secure areas, would not be possible.
- Functional cookies: These cookies allow us to save your preferred settings, such as your language or region. This makes using our website more convenient and efficient for you.
- Performance and analytics cookies**: We use these cookies to collect anonymized data about how visitors use our website, e.g. which pages are accessed most frequently. This information helps us to improve the performance of our website and customize content.
- Marketing and tracking cookies**: These cookies track your use of our website in order to show you targeted advertising that is relevant to you. This involves sharing information about your activities on our website with third parties, such as advertising partners.
When you visit a website for the first time, you will usually be asked to select which types of cookies you wish to allow and this selection will be stored in a cookie.Cookie Consent Management
What is a Cookie Consent Management Platform?
We utilize a Consent Management Platform (CMP) on our website to facilitate the proper and secure handling of scripts and cookies for both you and us. This software automatically generates a cookie pop-up, scans and reviews all scripts and cookies, provides the necessary cookie consent in compliance with data protection laws, and helps us keep track of all cookies.
The cookie consent management tool identifies and categorizes all existing cookies. As a visitor to our website, you have the ability to decide which scripts and cookies you want to accept or reject. You can manage your cookie preferences through the consent system.
Real Cookie Banner
We employ the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used on our site (such as tracking pixels and web beacons) along with the corresponding consents. More information on how the “Real Cookie Banner” operates can be found at https://devowl.io/de/rcb/datenverarbeitung/
The legal basis for processing personal data in this context is Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Our legitimate interest lies in managing the cookies and similar technologies utilized, along with the related consents.
Providing personal data is neither a contractual requirement nor necessary for the conclusion of a contract. You are not obligated to provide your personal data. However, if you choose not to provide this information, we will be unable to manage your consent effectively.
Registration process
Registration process
When you register on our website, we only collect the data that is necessary for the registration process. This usually includes personal information such as your name, your e-mail address and a password. Please use a secure password and ensure that you use an e-mail address that you check regularly.
In addition, your IP address and the date and time are recorded when you register. This serves to protect against misuse and helps to solve criminal offenses if necessary. This data is only passed on to third parties if there is a legal obligation to do so or if it is necessary for criminal prosecution.
The data entered will only be used for internal purposes and to provide the requested services. If necessary, your data may be passed on to service providers, such as payment providers, who will also only use it for the purpose of processing.
You have the option of changing or deleting your data at any time after registration, provided that there are no statutory retention obligations. If you require information about the stored data or assistance with changing or deleting it, you can contact us at any time.
Storage period
We will retain the data entered for as long as the account exists and is actively used, as well as for the duration of the contractual obligations between us, until the corresponding claims are time-barred. In addition, we will retain your data for as long as necessary to fulfill legal obligations. After this period, we will retain accounting records that are part of the contract (such as invoices, contracts, bank statements, etc.) and other relevant business records for the period required by law (usually several years).
Right to object
If you have registered and entered your data but wish to stop the processing, this is not a problem. The rights under the General Data Protection Regulation apply during registration, login and also after opening an account with us. To exercise your rights, please contact the data protection officer mentioned above. If you already have an account with us, you can easily check and manage your data directly in your account.
Web Analytics
The use of web analytics tools requires your consent. In accordance with Article 6 (1) (a) of the GDPR, this consent serves as the legal basis for processing personal data that may occur when using web analytics.
In addition to obtaining your consent, we also have a legitimate interest in analyzing the behavior of our website visitors to enhance our offerings both technically and economically. Through web analytics, we can identify website errors, detect attacks, and improve our profitability. The legal basis for this processing is Article 6 (1) (f) of the GDPR, which pertains to legitimate interests. For these purposes, we utilize the following tools:
WP-Statistics (Plugin)
Our website employs the WordPress analytics plugin WP-Statistics, provided by wp-statistics.com. The data collected is used in an anonymized manner to generate basic statistics for measuring reach. No user profiles are created, and no cookies are set for this purpose. All data gathered by WP-Statistics is stored completely anonymously on our web server, making it impossible to personally identify a visitor, even retrospectively.
For more information, please visit: https://wp-statistics.com/privacy-policy/
Email Marketing
Why do we use email marketing?
We aim to maintain communication with you and regularly provide essential information about our company. To achieve this, we utilize email marketing, often referred to as a “newsletter” or “mailing list,” which is a crucial component of our online marketing strategy. With your consent or as permitted by law, we will send you newsletters, special offers, system emails, and other notifications via email.
To ensure that our newsletters are fast and secure, we partner with a service provider that offers a professional mailing tool for our email marketing. Our goal is to inform you about our products and services while advancing our business objectives.
What data is processed?
When you register for our newsletter on our website, you will need to confirm your subscription via email. Along with your email address and IP address, we may also collect your title, name, address, and telephone number, but only if you agree to the storage of this data. Providing this information is voluntary; however, if you do not enter the required data, you will be unable to access the service. Additionally, we may collect data about your device or your preferred content on our website. We keep a record of your consent to ensure compliance with our legal obligations.
Registration Procedure: “Double-Opt-In”
We implement a “Double-Opt-In” procedure for our mailing list subscriptions. After you enter your information in the mailing list form, we will send a confirmation request to the email address you provided. You must actively confirm your subscription by clicking the link in the confirmation email. Without this confirmation, you will not be added to the mailing list.
This process ensures that we have your consent to send you our information (newsletter) and that the information you provided is accurate.
Duration of Data Processing
If you choose to remove your email address from our newsletter distribution list, we reserve the right to retain your email address for up to three years based on our legitimate interest in proving your consent. We will only process this data if we need to defend against any claims.
If you confirm your consent to receive our newsletter, you can request the deletion of your email address at any time. If you do not permanently withdraw your consent, we reserve the right to add your email address to a blacklist. If you voluntarily subscribe to our newsletter, we will keep your email address on file.
Right to Object
You can unsubscribe from the newsletter at any time by withdrawing your consent. This process is quick and can usually be completed in a few seconds or with just a couple of clicks. Each email contains a link at the bottom for canceling your newsletter subscription. If the link is unavailable, please contact us via email, and we will promptly cancel your subscription.
Legal Basis
Our newsletters are sent based on your consent (Article 6 (1) (a) of the GDPR). This means we are only permitted to send you newsletters if you have actively subscribed. We may also send you promotional messages if you are a customer and have not objected to the use of your email address for direct marketing.
Information Storage
Your data from the registration forms on our website will be stored on the server of our web hosting service provider. This data will not be shared or processed by any other service providers.
SMTP Services
To send emails, we have engaged service providers (known as SMTP services) that comply with GDPR requirements. These providers ensure the technical and secure execution of our email sending, both for newsletters and necessary service-related emails (e.g., registration confirmations).
We use one or more of the following providers:
- Amazon SES (Privacy Statement)
- Elastic Email (Privacy Policy)
- Postmark (Privacy policy / EU Data Protection)
- Dogado (Privacy Policy)
- SureCart (Privacy Policy)
Order Processing
We have entered into a Data Processing Agreement (DPA) with the listed service providers to ensure proper handling of your data.
Shopping Tool System
SureCart
The SureCart shopping system is integrated as a plugin on this website.
The legal entity responsible for the operation of this service is
SureCart Inc.
2055 Limestone Rd,
STE 200-C, Wilmington, Delaware 19808.
United States of America
Through the functionalities provided, the above-mentioned data is transmitted, stored and processed by SureCart Inc.
In order to operate the Service, SureCart must share your personal data with third parties, including hosting companies, payment providers, licensing gateways and support personnel.
Sub-processors involved include:
- TaxJar for tax calculations
- CloudFlare for content storage and delivery optimization
- UpCloud for hosting
Why is SureCart used on this website?
SureCart is used to effectively present our digital products or services on our website. Our aim is to provide you with straightforward, efficient and secure access to our product range so that you can find and purchase your desired items quickly and securely. You can view SureCart’s privacy policy here: https://surecart.com/privacy-policy/
Payment Service Providers and eCommerce
Data Processing (Customer and Contract Data)
We collect, process, and utilize personal data only to the extent necessary for establishing, modifying, or terminating the legal relationship (inventory data). This is conducted in accordance with Art. 6 (1) (b) GDPR, which permits data processing for contract performance or pre-contractual measures. We collect, process, and use personal data regarding your use of this website (usage data) solely as needed to facilitate your access to the service or for billing purposes.
Customer data will be deleted once the order is completed or the business relationship is terminated, while statutory retention periods will remain in effect.
Data Transfer When Concluding a Contract for Services and Digital Content
We only share personal data with third parties when it is necessary for contract execution, such as to the financial institution responsible for processing payments. Any further sharing of data will only occur if you have explicitly consented to it. Your data will not be shared with third parties without your explicit consent, including for advertising purposes.
The legal basis for data processing in this context is Art. 6 (1) (b) GDPR, which allows processing for the fulfillment of a contract or pre-contractual actions.
Payment Services
We integrate payment services from third-party providers on our website. When you make a purchase, your payment information (e.g., name, payment amount, bank account details, credit card number) is processed by the payment service provider to facilitate the transaction.
These transactions are governed by the respective contractual and data protection regulations of the providers. Payment service providers are used based on Art. 6 (1) (b) GDPR (contract processing) and to ensure that the payment process is as smooth, convenient, and secure as possible (Art. 6 (1) (f) GDPR). If your consent is required for specific actions, Art. 6 (1) (a) GDPR serves as the legal basis for data processing, and you may withdraw your consent at any time in the future.
Without sharing your personal data, we cannot process payments through our payment service providers.
For some of the payment service providers listed below, you will need to have an account with them in order to utilize their payment services.
Please note that the availability of payment service providers and options may vary based on country-specific conditions.
Overview of the services/payment service providers
On this website, we use the following payment services/payment service providers, depending on the user’s country, web browser, and available store options:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (PayPal). For more details, refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
To make a payment, you need an account with this payment service provider.
Apple Pay
The provider of the payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy policy can be found here: https://www.apple.com/legal/privacy/de-ww/.
To make a payment, you need an account with this payment service provider.
Google Pay
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy can be found here: https://policies.google.com/privacy.
To make a payment, you need an account with this payment service provider.
Stripe
The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (referred to as “Stripe”). More information can be found in Stripe’s privacy policy: https://stripe.com/de/privacy.
Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (referred to as “Klarna”). Klarna offers various payment options, such as installment purchases. If you choose to use Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna also utilizes cookies to enhance the user experience of its checkout solution. Details regarding Klarna’s cookie policy can be found at: https://docs.klarna.com/policies/cookie-policy/.
You can read more in Klarna’s privacy policy: https://www.klarna.com/de/datenschutz/.
Paydirekt
The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (referred to as “Paydirekt”). If you make a payment via Paydirekt, the service collects various transaction data and forwards it to the bank with which you are registered. In addition to the required payment data, Paydirekt may also collect other information, such as your delivery address or specific items in your shopping cart, as part of transaction processing. Paydirekt then authenticates the transaction using the authentication method established at your bank. The payment amount is then transferred from your account to ours. Neither we nor any third parties will have access to your account details. More information on payments with Paydirekt can be found in their terms and conditions and privacy policy: https://www.paydirekt.de/agb/index.html.
Instant Bank Transfer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (referred to as “Sofort GmbH”). Using the “Sofortüberweisung” method, we receive real-time payment confirmations from Sofort GmbH, allowing us to fulfill our obligations immediately. If you choose to pay via instant bank transfer, you will need to provide your PIN and a valid TAN to Sofort GmbH to log into your online banking account. After logging in, Sofort GmbH will automatically verify your account balance and process the transfer using the TAN you provided. They will then send us a transaction confirmation right away. During this process, your turnover, overdraft limit, and the existence of other accounts and their balances will also be checked. In addition to your PIN and TAN, your entered payment data and personal information will be sent to Sofort GmbH, which includes your name, address, phone number(s), email address, IP address, and any other data required for payment processing. This information is necessary to verify your identity and prevent fraud. For further details on paying with Sofortüberweisung, visit: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
Security & Anti-Spam
Why Do We Use Security and Anti-Spam Software?
We prioritize security on our website, not only for our protection but, more importantly, for your safety. Cyber threats are a daily reality in the IT and Internet landscape. Hackers frequently attempt to steal personal data through cyberattacks, making a robust defense system essential. Our security system monitors all incoming and outgoing connections to our network or computer. To enhance our defenses against cyber threats, we utilize additional external security services alongside the standard security measures on our computers. This approach helps us prevent unauthorized data traffic and protects us from cybercrime.
What Data Is Processed by Security and Anti-Spam Software?
The specific data collected and stored varies by service. However, we strive to use programs that minimize data collection, only retaining information necessary for the service’s functionality. Typically, this may include data such as your name, address, IP address, email address, and technical information like browser type or version. Performance and log data may also be gathered to identify potential threats in a timely manner. All data processing occurs in compliance with applicable laws, including GDPR for US providers (via standard contractual clauses). In some cases, these security services may collaborate with third-party service providers, who may store and/or process data under the guidance of our Privacy Policy and security protocols. Data is generally stored through cookies.
Duration of Data Processing
We will provide information regarding the duration of data processing when available. For instance, security programs may retain data until you or we request its deletion. Generally, personal data will be stored only as long as necessary for service provision. Unfortunately, we often lack precise information from providers regarding the duration of data storage.
Right to Object
You have the right to withdraw your consent for the use of cookies or third-party security software providers at any time. This can be accomplished through our cookie management tool or other opt-out functions. For example, you can prevent cookie data collection by managing, disabling, or deleting cookies in your browser.
Legal Basis
We primarily use security services based on our legitimate interests (Art. 6 (1) (f) GDPR) to maintain a robust security system against various cyber threats.
Certain processing activities, particularly those involving cookies and security features, require your consent. If you consent to the processing and storage of your data by integrated security services, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). Most of the services we employ place cookies on your browser to store data. Therefore, we recommend reviewing our cookie privacy policy and the respective service provider’s privacy or cookie policies carefully.
SolidWP Privacy Policy
We use SolidWP Security, a security plugin for the WordPress content management system, to safeguard our website. SolidWP is a part of StellarWP brands and is owned by Liquid Web LLC (2703 Ena Drive, Lansing, MI 48917, USA).
Your data may also be processed by SolidWP in the United States. It is important to note that the European Court of Justice currently does not recognize an adequate level of protection for data transfers to the USA, which may result in various legal and security issues for data processing.
SolidWP utilizes standard contractual clauses (Art. 46 (2) and (3) GDPR) for processing or transferring data to recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA). The EU Commission provides Standard Contractual Clauses (SCC) to ensure that your data adheres to European data protection standards when transferred and stored in third countries, such as the USA. Liquid Web is committed to upholding European data protection standards while processing your relevant data, even if it is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission, which is available here: EU Commission Decision. https://eur-lex.europa.eu/eli/decimpl/2021/914/oj?locale=de
There is a link to download the Data Processing Addendum on the website https://www.liquidweb.com/blog/liquid-web-and-gdpr-compliance/
For more information on data processing by SolidWP or Liquid Web, please refer to the Privacy Policy:
https://www.liquidweb.com/about-us/policies/privacy-policy/
https://solidwp.com/privacy-policy/
Quic.cloud (WAF)
To ensure our website operates securely and smoothly, we use the provider QUIC.cloud.
When you visit our website, personal data is processed.
Categories of Data Processed:
Technical connection data during server access (IP address, date, time, requested page, browser information).
Purpose of Processing:
Delivery and provision of the website.
Legal Basis for Processing:
A legitimate interest that overrides the rights and freedoms of data subjects (Art. 6 (1) (f) GDPR).
Legitimate Interests in This Context:
A strong economic interest in the safe and efficient operation of technical systems.
Data may be transferred to the processor:
QUIC Cloud Inc.
150 Allen Rd., Suite 204,
Basking Ridge,
NJ 07920, USA.
Further information can be found in quic.cloud’s privacy policy at: https://quic.cloud/privacy-policy/
As well as the QUIC.cloud Data Processing Agreement at: https://www.quic.cloud/dataprocessing/
and the QUIC.cloud GDPR Subprocessors: https://www.quic.cloud/gdpr-subprocessors/
Duration of Processing:
Variable and concludes with the cessation of the processing purpose.
We have established a data processing agreement with the service provider (DPA) in compliance with Art. 28 et seq. GDPR to ensure data protection and security.
Audio & Video Content
YouTube
We have integrated YouTube videos into our website to provide you with engaging content directly on our platform. YouTube is a video-sharing platform owned by Google since 2006 and is operated by YouTube, LLC, located at 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that contains an embedded YouTube video, your browser automatically connects to YouTube or Google servers. Depending on your settings, various data may be transmitted. In Europe, all data processing is managed by Google Ireland Limited, based at Gordon House, Barrow Street, Dublin 4, Ireland.
Our offerings are also showcased on YouTube, but the videos themselves are hosted on YouTube’s servers.
When you access our website, YouTube receives information indicating that you have visited a specific page. If you play the videos, additional data regarding your online behavior is sent to YouTube. The videos will remain blocked until you consent to YouTube’s cookie usage. YouTube aims to create a usage profile based on this information, regardless of whether you have a logged-in user account. If you are logged into Google, your data will be linked directly to your account. Since its acquisition by Google in 2006, YouTube has been a part of the Google Group.
YouTube stores data in user profiles and utilizes it for advertising, market research, and tailoring its website to meet user needs. This analysis occurs even for users not logged in, enabling YouTube to provide targeted advertising and inform other social network users about your activities on our site. If you wish to object to the creation of these user profiles, you must contact YouTube directly.
For further details regarding data collection, processing, and your rights, please refer to YouTube’s privacy policy. You can also find information on how to manage your privacy settings:
Since YouTube is a subsidiary of Google, there is a common privacy policy. If you would like to learn more about the handling of your data, we recommend that you read the privacy policy under https://www.google.de/intl/de/policies/privacy
Additionally, Google processes your personal data in the USA and adheres to the EU-U.S. Privacy Shield framework: EU-U.S. Privacy Shield (https://www.privacyshield.gov/EU-US-Framework)
Legal Basis:
The legal basis for data processing is Art. 6(1)(a) GDPR (consent).
Bunny.net
To deliver video content in our online course area, we utilize the services of Bunny.net. You can read their privacy policy here: Bunny.net (https://bunny.net/privacy/)
When you visit our website, your personal data is processed.
Categories of Data Processed:
Technical connection data during server access (IP address, date, time, requested page, browser information).
Purpose of Processing:
To deliver and provide the website content.
Legal Basis for Processing:
Our legitimate interest that outweighs the rights and freedoms of data subjects (Art. 6 (1) (f) GDPR).
Legitimate Interests:
A strong economic interest in maintaining the safe and efficient operation of technical systems.
Data may be transferred to the processor,
Bunny CDN
Cesta Komandanta, Staneta 4a, 1215 Medvode, Slovenia.
Duration of Processing:
Variable, concluding when the purpose of processing no longer exists.
We have established a data processing agreement with Bunny.net to ensure compliance with data protection regulations.to the processor Bunny CDN (bunny.net)
Cesta Komandanta, Staneta 4a,1215 Medvode, Slovenia
Duration of processing: is variable and ends when the purpose of processing ceases to exist.
We have concluded a data processing agreement with Bunny.net
Social Media Connection
Meta / Facebook Pixel
This website utilizes Facebook’s visitor action pixels to track conversions. The service provider is Facebook Ireland Limited, located at 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected may also be transferred to the USA and other third countries.
By using this pixel, we can monitor the behavior of site visitors after they click on a Facebook ad and are redirected to the provider’s website. This helps evaluate the effectiveness of Facebook ads for statistical and market research purposes and allows for optimization of future advertising strategies.
The data collected is anonymous from our perspective as the website operator, meaning we cannot identify individual users. However, Facebook stores and processes this data, which allows it to associate it with specific user profiles and use it for its advertising purposes in accordance with its Data Use Policy. This enables Facebook to display ads both on its platform and beyond, and we, as the site operator, cannot influence this data usage.
The implementation of Facebook pixels is based on Art. 6 (1) (f) GDPR, as the website operator has a legitimate interest in effective advertising strategies, including social media. If consent is requested (such as for cookie storage), processing will occur solely on the basis of Art. 6 (1) (a) GDPR, and you can revoke this consent at any time.
For more information on how to safeguard your privacy, please refer to Facebook’s privacy policy:https://de-de.facebook.com/about/privacy/.
You can also opt out of the Custom Audiences remarketing feature in the Ad Settings section of https://www.facebook.com/ads/preferences/?entryproduct=adsettings.
If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
Additional Disclosures for Australian Privacy Act Compliance (AU)
International Transfers of Personal Information
If your personal information is disclosed solely under Australian privacy laws, you recognize that some third parties may not be subject to the Privacy Act or the Australian Privacy Principles outlined in the Act. You understand that if any of these third parties engage in actions or practices that violate the Australian Privacy Principles, they will not be held accountable under the Privacy Act, and you will not have the option to seek remedies through it.
Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)
Data Controller / Data Processor
The GDPR differentiates between organizations that process personal information for their own purposes, referred to as “data controllers,” and those that process personal information on behalf of other organizations, known as “data processors.” We, located at the address provided in our imprint section, act as a Data Controller regarding the personal information you provide to us.
Legal Bases for Processing Your Personal Information
We will only collect and use your personal information when we have the legal right to do so. We ensure that our collection and use of your personal information are lawful, fair, and transparent. If we require your consent to process your personal information and you are under 16 years old, we will seek consent from your parent or legal guardian for that specific purpose.
Our lawful bases for processing your personal information depend on the services you use and how you engage with them. Therefore, we collect and use your information based on the following grounds:
Consent From You
When you provide us with consent to collect and use your personal information for a specific purpose. You have the right to withdraw your consent at any time using the options we provide; however, this will not affect any processing that has already occurred. You may supply a physical address for receiving orders, and while you can change or delete this address at any time, it will not impact orders that have already been dispatched. If you have any questions about withdrawing your consent, please feel free to reach out using the contact details provided in the Contact Us section of this privacy policy.
Performance of a Contract or Transaction
When you enter into a contract or transaction with us or take preparatory steps before entering into a contract or transaction. For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information to process and fulfill your order.
Our Legitimate Interests
When we determine that processing your information is necessary for our legitimate interests, which include providing, operating, improving, and communicating our services. Our legitimate interests may encompass research and development, understanding our audience, marketing and promoting our services, ensuring efficient service operation, conducting market analysis, and protecting our legal rights and interests.
Compliance with Law
In certain situations, we may have a legal obligation to process or retain your personal information. This includes (but is not limited to) compliance with court orders, criminal investigations, government requests, and regulatory obligations. If you have any questions about how we retain personal information to comply with legal requirements, please feel free to inquire using the contact details in the Contact Us section of this privacy policy.
International Transfers Outside of the European Economic Area (EEA)
We will ensure that any transfer of personal information from countries within the European Economic Area (EEA) to countries outside the EEA is safeguarded by appropriate measures. This may include the use of standard data protection clauses approved by the European Commission, binding corporate rules, or other legally recognized mechanisms.
Your Rights and Control Over Your Personal Information
Restrict Processing: You have the right to request that we limit the processing of your personal information if: (i) you are concerned about its accuracy; (ii) you believe it has been processed unlawfully; (iii) you need us to retain it solely for legal purposes; or (iv) we are evaluating your objection to processing based on legitimate interests.
Objecting to Processing: You have the right to object to the processing of your personal information that is based on our legitimate interests or for public interest purposes. In such cases, we must demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms in order to continue processing your personal information.
Data Portability: You may have the right to request a copy of the personal information we hold about you. Whenever possible, we will provide this information in CSV format or another easily readable machine format. You may also request that we transfer your personal information to a third party.
Deletion: You may request the deletion of your personal information at any time, and we will take reasonable steps to remove it from our records. If you request the deletion of your personal information, we will inform you how this may affect your use of our website or our products and services.
There may be specific legal reasons for exceptions to this right, which we will communicate to you in response to your request. If you choose to terminate or delete your account, we will delete your personal information within one business day of your account’s deletion. Please note that search engines and similar third parties may retain copies of your personal information that has been publicly accessible, such as profile information and public comments, even after you have deleted the information from our services or deactivated your account.
Additional Disclosures for California Compliance (US)
Under California Civil Code Section 1798.83, if you reside in California and your relationship with us is primarily for personal, family, or household purposes, you may request information about the data we share with other organizations for their marketing purposes.
To submit such a request, please contact us using the information provided in this privacy policy, including “Request for California Privacy Information” in the subject line. You can make this request once per calendar year. We will email you a list of the categories of personal information disclosed to other organizations for their marketing purposes in the previous calendar year, along with their names and addresses. Please note that not all personal information shared in this manner is covered by Section 1798.83 of the California Civil Code.
Do Not Track
Some browsers feature a “Do Not Track” option that allows you to inform websites that you do not wish to have your online activities tracked. Currently, we do not respond to browser “Do Not Track” signals.
We adhere to the standards outlined in this privacy policy, ensuring that we collect and process personal information in a lawful, fair, transparent manner, with legitimate legal reasons for doing so.
Cookies and Pixels
You can decline cookies from our site at any time if your browser allows it. Most browsers enable you to configure settings to refuse all or some cookies. Therefore, your ability to limit cookies is contingent upon your browser’s capabilities. For more information, please refer to the Cookies section of this privacy policy.
CCPA-Permitted Financial Incentives
In line with your right to non-discrimination, we may offer certain financial incentives permitted by the CCPA that could lead to different prices, rates, or quality levels for our goods or services.
Any financial incentive we offer in compliance with the CCPA will be reasonably related to the value of your personal information, and we will provide written terms clearly outlining the nature of the offer. Participation in a financial incentive program requires your prior opt-in consent, which you can revoke at any time.
California Notice of Collection
In the past 12 months, we have collected the following categories of personal information as defined by the California Consumer Privacy Act:
- Identifiers: Such as name, email address, phone number, account name, IP address, and any ID or number assigned to your account.
- Customer Records: Including billing and shipping addresses, and credit or debit card information.
- Geolocation Data.
For additional information about the data we collect, including the sources from which we obtain this information, please review the “Information We Collect” section. We collect and utilize these categories of personal information for the business purposes described in the “Collection and Use of Information” section, including to provide and manage our services.
Right to Know and Delete
If you are a California resident, you have the right to request the deletion of your personal information that we have collected and to know certain details about our data practices over the past 12 months. Specifically, you have the right to request the following from us:
- The categories of personal information we have collected about you.
- The categories of sources from which we collected your personal information.
- The categories of personal information about you that we have disclosed for a business purpose or sold.
- The categories of third parties to whom your personal information was disclosed for a business purpose or sold.
- The business or commercial purpose for collecting or selling your personal information.
- The specific pieces of personal information we have collected about you.
To exercise any of these rights, please contact us using the details provided in this privacy policy.
Shine the Light
If you are a California resident, in addition to the rights discussed above, you have the right to request information about how we share certain personal information, as defined by California’s “Shine the Light” law, with third parties and affiliates for their own direct marketing purposes.
To receive this information, please send us a request using the contact details provided in this privacy policy. Your request must include “California Privacy Rights Request” in the first line of the description, along with your name, street address, city, state, and ZIP code.
Conclusion
As highlighted in our privacy policy, we take the protection of your personal data very seriously.
We believe it’s essential to provide you with clear and accurate information regarding how your personal data is processed. Our goal is not only to inform you about which data is being collected but also to help you understand the reasons behind our use of various software programs. We recognize that many privacy policies can be overly technical and legalistic. Since most of our users aren’t web developers or lawyers, we aimed to present the information in a more straightforward and accessible manner.
If you require any further assistance about data protection on our website, please feel free to reach out to us or the relevant authority.